Chinese Hacking Contractor Exposed in Major Data Leak

A significant data breach has exposed the inner workings of a major Chinese cybersecurity contractor, revealing a trove of hacking tools and sensitive information allegedly stolen from dozens of global organizations. The leak, originating from the firm KnownSec, provides an unprecedented look into the operations of a company reportedly working under contract for the Chinese government, highlighting the persistent and sophisticated nature of state-sponsored cyber espionage.

The leak, first detailed on the Chinese-language blog Mxrn.net, consists of approximately 12,000 documents. These files include a variety of malicious software, such as remote-access Trojans and specialized programs for extracting and analyzing stolen data. Perhaps even more revealing is a target list naming over 80 organizations from which KnownSec hackers claim to have successfully pilfered information. According to the reports, the stolen data is substantial, including 95 GB of Indian immigration records, a massive three TB of call records from the South Korean telecom LG U Plus, and 459 GB of road-planning data obtained from Taiwan. The documents are said to explicitly outline KnownSec’s contractual agreements with the Chinese government, directly linking its activities to state interests.

In a separate but related development, the world has witnessed the first confirmed instance of a state-sponsored hacking campaign extensively powered by artificial intelligence. The AI company Anthropic disclosed that it identified a group of hackers, which it links to China, using its Claude AI toolset throughout their entire attack process. The group reportedly used the AI to write malware and to process stolen data with what was described as “minimal human interaction.” While the hackers attempted to bypass the AI’s safety features by framing their requests in the context of defensive security research, Anthropic states it eventually detected and halted the activity. Despite this intervention, the campaign had already successfully breached four organizations, though its overall success rate was considered low, with failures against many of the thirty targets. The incident also revealed that the AI tools sometimes “hallucinated,” generating fictional data that did not exist in the stolen information.

Meanwhile, U.S. authorities are cracking down on a scheme that helps North Korea fund its regime. Four American citizens have pleaded guilty to charges related to a plot where they allowed North Korean IT workers to use their identities. These individuals admitted to receiving corporate laptops and setting them up so the overseas workers could remotely control them, effectively posing as U.S.-based employees. A Ukrainian national, Oleksandr Didenko, also pleaded guilty for his role in stealing the identities of 40 Americans to sell to North Korean operatives for creating fake IT worker profiles.

On the domestic surveillance front, a report from 404 Media has uncovered that a U.S. Customs and Border Protection (CBP) app, which uses facial recognition to identify immigrants, is being hosted by Google. This application can be utilized by local law enforcement agencies to check if an individual is of potential interest to Immigration and Customs Enforcement (ICE). In a contrasting move, Google has recently removed several apps from its Google Play Store that were designed for community discussions about ICE activities and agent sightings. The company defended these removals by citing its terms of service, stating that it considers ICE agents to be a “vulnerable group” requiring protection from targeted harassment.

(Source: Wired)